Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: PHP, information disclosure via session_start

December 2009 by Vigil@nce

An attacker can use a long session cookie, in order to obtain the installation path of the web site.

Severity: 1/4

Consequences: data reading

Provenance: internet client

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: multiples sources (3/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 29/12/2009

IMPACTED PRODUCTS

- PHP

DESCRIPTION OF THE VULNERABILITY

The PHP session_start() function initializes the session.

Sessions are saved in a temporary directory: /tmp/sess_[name-of-the-session]

However, if the session name is longer than the maximal file name size, an error occurs in the session_start() function. The error message contains the installation path of the web site: Warning: session_start() open(/tmp/sess_aaa..aa) in /path/page.php

An attacker can therefore use a long session cookie, in order to obtain the installation path of the web site.

CHARACTERISTICS

Identifiers: VIGILANCE-VUL-9316

http://vigilance.fr/vulnerability/P...




See previous articles

    

See next articles